Ravens PHP Scripts

phpNuke Security Alert - ALL VERSIONS
Date: Friday, January 04, 2008 @ 14:07:24 CET
Topic: Security

It is unfortunate that I have to start the New Year with this news item but I would be failing the members of this community if I did not bring it to your attention.

There exists a vulnerability in virgin phpNuke which affects ALL versions as far as I have been able to ascertain. This vulnerability was reported to the author when phpNuke 7.6 was released and still remains within the virgin code even in the current version (phpNuke 8.1).

One can only conclude that the author is happy with a potential 3,020,000 affected sites**.

The vulnerability allows anonymous users to bypass the security code in order for them to create an account and/or post in the forums.
Please - ensure you have the latest patches or upgrade to RavenNuke.

RavenNuke™ is not susceptible to this exploit as it uses a proper CAPTCHA.

My thanks to http://websecurity.com.ua for reminding me of this vulnerability.

** - Figure based on a Google search for "powered by PHP-Nuke" which is exactly how they'll find you!
Do not become one of the other statistics!

RavenNuke™ is not susceptible to this exploit

This article comes from Ravens PHP Scripts

The URL for this story is: